<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>File: README</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <meta http-equiv="Content-Script-Type" content="text/javascript" />
  <link rel="stylesheet" href=".././rdoc-style.css" type="text/css" media="screen" />
  <script type="text/javascript">
  // <![CDATA[

  function popupCode( url ) {
    window.open(url, "Code", "resizable=yes,scrollbars=yes,toolbar=no,status=no,height=150,width=400")
  }

  function toggleCode( id ) {
    if ( document.getElementById )
      elem = document.getElementById( id );
    else if ( document.all )
      elem = eval( "document.all." + id );
    else
      return false;

    elemStyle = elem.style;
    
    if ( elemStyle.display != "block" ) {
      elemStyle.display = "block"
    } else {
      elemStyle.display = "none"
    }

    return true;
  }
  
  // Make codeblocks hidden by default
  document.writeln( "<style type=\"text/css\">div.method-source-code { display: none }</style>" )
  
  // ]]>
  </script>

</head>
<body>



  <div id="fileHeader">
    <h1>README</h1>
    <table class="header-table">
    <tr class="top-aligned-row">
      <td><strong>Path:</strong></td>
      <td>README
      </td>
    </tr>
    <tr class="top-aligned-row">
      <td><strong>Last Update:</strong></td>
      <td>Mon Jul 23 08:12:38 -0600 2007</td>
    </tr>
    </table>
  </div>
  <!-- banner header -->

  <div id="bodyContent">



  <div id="contextContent">

    <div id="description">
      <h2>Summary ==</h2>
<p>
There are many role-based security plug-ins out there. Often times, they
are very complicated and much more than you need.
</p>
<p>
<a href="../classes/RoleRequirement.html">RoleRequirement</a> focuses on a
simple approach to role-based authentication. you don&#8216;t have to learn
a new language in order to specify roles. Instead, <a
href="../classes/RoleRequirement.html">RoleRequirement</a> leverages the
power of Ruby to strike a marvelous balance between simplicity and
flexibility.
</p>
<p>
Basic Features:
</p>
<pre>
  * Implement role security system using an enum field or a habtm collection (user can have one or many roles)
  * Full Test Helpers to make it easy to test your controllers
  * Squeaky Clean implementation so you don't have to repeat yourself.
</pre>
<h2>Usage ==</h2>
<p>
Steps to using as easy as 1, 2, 3!
</p>
<h3>1. Install acts_as_authenticated and role_requirement ===</h3>
<p>
See install instructions below. You must generate your User model from
acts_as_authenticated and include AuthenticatedSystem in your
ApplicationController, as usual.
</p>
<h3>2. Add has_role? to your User model ===</h3>
<p>
{{{ class User &lt; ActiveRecord::Base &#8230;
</p>
<pre>
  # has_role? simply needs to return true or false whether a user has a role or not.
  # It may be a good idea to have &quot;admin&quot; roles return true always
  # You can use either a habtm relationship for roles, or a simple enum field.
  # This example uses a habtm
  def has_role?(role)
    @roles ||= self.roles.collect(&amp;:name)
    return true if @roles.include?(&quot;admin&quot;)
    (@roles.include?(role.to_s) )
  end
</pre>
<p>
&#8230; }}}
</p>
<h3>3. Require a roles in your controllers ===</h3>
<p>
It&#8216;s easy as pie!
</p>
<p>
{{{
</p>
<p>
class Admin::Users &lt; ApplicationController
</p>
<pre>
  require_role &quot;admin&quot;
</pre>
<p>
end
</p>
<p>
}}}
</p>
<p>
Unlimited flexibility without the mess!
</p>
<p>
{{{
</p>
<p>
class Admin::Listings &lt; ApplicationController
</p>
<pre>
  require_role &quot;contractor&quot;
  require_role &quot;admin&quot;, :only =&gt; :destroy # don't allow contractors to destroy

  # leverage ruby to prevent contractors from updating listings they don't have access to.
  require_role &quot;admin&quot;, :only =&gt; :update, :unless =&gt; &quot;current_user.authorized_for_listing?(params[:id]) &quot;
</pre>
<p>
end
</p>
<p>
}}}
</p>
<h2>Installation ==</h2>
<p>
script/plugin install <a
href="http://rolerequirement.googlecode.com/svn/tags/role_requirement">rolerequirement.googlecode.com/svn/tags/role_requirement</a>/
</p>
<h2>Help ==</h2>
<p>
Here&#8216;s how to get help
</p>
<pre>
 * Browse the http://code.google.com/p/rolerequirement/wiki/Documentation
 * post an issue to the http://code.google.com/p/rolerequirement/issues/list
</pre>
<h2>Author ==</h2>
<p>
{{{
</p>
<pre>
  Tim C. Harper - irb(main):001:0&gt; ( 'tim_see_harperATgmail._see_om'.gsub('_see_', 'c').gsub('AT', '@') )
</pre>
<p>
}}}
</p>

    </div>


   </div>


  </div>


    <!-- if includes -->

    <div id="section">





      


    <!-- if method_list -->


  </div>


<div id="validator-badges">
  <p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
</div>

</body>
</html>